//package com.example.gdzd_demo.filter;
//
//import com.sct.tiaojie.config.AuthConfig;
//import com.sct.tiaojie.web.security.filter.AuthenticationTokenFilter;
//import com.sct.tiaojie.web.security.filter.RestAccessDeniedHandler;
//import com.sct.tiaojie.web.security.filter.RestAuthenticationEntryPoint;
//import lombok.extern.slf4j.Slf4j;
//import org.springframework.beans.factory.annotation.Autowired;
//import org.springframework.beans.factory.annotation.Value;
//import org.springframework.context.annotation.Bean;
//import org.springframework.context.annotation.Configuration;
//import org.springframework.http.HttpMethod;
//import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
//import org.springframework.security.config.annotation.web.builders.HttpSecurity;
//import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
//import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
//import org.springframework.security.config.http.SessionCreationPolicy;
//import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
//
//import java.util.Objects;
//import java.util.StringJoiner;
//
///***********************************************************************************************************************
// * @version V1.0
// * @description Spring Security配置入口，本项目只使用了Security的授权验证功能，并未使用其中的登录认证功能，而是自己处
// *                理登录认证，因为本项目采用前后端分离开发部署方式，前后交互通过JWT Token做为信任标识，后端所有接口统一
// *                采用标准REST风格
// **********************************************************************************************************************/
//@Slf4j
//@Configuration
//@EnableWebSecurity
//@EnableGlobalMethodSecurity(prePostEnabled = true)
//public class SecurityConfig extends WebSecurityConfigurerAdapter {
//
//    @Value("${spring.profiles.active:dev}")
//    private String profileActive;
//
//    @Autowired
//    private AuthConfig authConfig;
//
//    private static final String PROFILE_ACTIVE_PROD = "prod";
//
//    /**
//     * IP白名单可访问URL
//     */
//    private static final String[] IP_WHITELIST_URLS = {
//    };
//
//    @Autowired
//    private RestAccessDeniedHandler restAccessDeniedHandler;
//    @Autowired
//    private RestAuthenticationEntryPoint restAuthenticationEntryPoint;
//
//
//    @Value("${otsdata.auth.authIpWhiteList:127.0.0.1}")
//    private String authIpWhiteList;
//
//    @Bean
//    public AuthenticationTokenFilter authenticationTokenFilterBean() throws Exception {
//        return new AuthenticationTokenFilter(authenticationManager());
//    }
//
//    @Override
//    protected void configure(HttpSecurity httpSecurity) throws Exception {
//
//        String[] ipWhiteList = authIpWhiteList.split(",");
//        log.info("ip白名单: {}", String.join("\n", ipWhiteList));
//        StringJoiner ipWhiteListExpression = new StringJoiner(" or ");
//        for (String ip : ipWhiteList) {
//            ipWhiteListExpression.add(String.format("hasIpAddress('%s')", ip.trim()));
//        }
//        if (!Objects.equals(profileActive, PROFILE_ACTIVE_PROD)) {
//            httpSecurity.cors();
//        }
//
//        // 基于token，所以不需要session
//        httpSecurity.csrf().disable()// 由于使用的是JWT，我们这里不需要csrf，并且支持跨域
//
//                // 基于token，所以不需要session
//                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
//                .exceptionHandling()
//                .authenticationEntryPoint(restAuthenticationEntryPoint)
//                .and()
//                .exceptionHandling().accessDeniedHandler(restAccessDeniedHandler)
//                .and()
//                .authorizeRequests()
//                .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
//                .antMatchers(authConfig.getIgnore()).permitAll()
//                .antMatchers(HttpMethod.GET, authConfig.getStaticResource()).permitAll()
//                .and()
//                // IP白名单可访问URL 不需要鉴权认证
//                .authorizeRequests()
//                .antMatchers(IP_WHITELIST_URLS)
//                .access(ipWhiteListExpression.toString())
//                .and()
//                // 除上面外的所有请求全部需要鉴权认证
//                .authorizeRequests()
//                .anyRequest()
//                .authenticated();
//
//        // 添加 token filter
//        httpSecurity.addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);
//        // 禁用缓存
//        httpSecurity.headers().cacheControl();
//    }
//}
